
Re: [Asrg] seeking comments on new RMX article

2003-05-06 15:55:17

On May 6, 2003 at 13:19 asrg(_at_)mikerubel(_dot_)org (Michael Rubel) wrote:
>> But if that were made even slightly difficult they'd just use
>> xyz(_at_)anyhost(_dot_)com(_dot_)

> Barry,
>
> Ask yourself:  Why are spammers drawn to bighost.com addresses?

I'll tell ya what, you ask yourself:

     When was the last time you said "stranger(_at_)aol(_dot_)com"? Why
     it must be important, IT'S FROM AOL.COM!

Or is this another one of those theories based on the third-person
invisible? There exists a person so dumb that...(20 years ago we'd say
"my secretary" but now we tend to say "my grandmother" in a
questionable evolution of PC-ness.)

> It's because these sources carry an implicit trust, which becomes explicit
> when spamassassin starts evaluating whether the message is spam or ham.

No, they don't carry any trust.

The only thing that might carry some trust is someone(_at_)xyz(_dot_)com where
you believe you recognize someone, particularly in the context of
@xyz.com, like yourbrokersname(_at_)hisbrokeragehouse(_dot_)com(_dot_)

Now, I'll admit that in a tiny way spammers are actually cracking this
also. They search for documents (web sites etc) with more than one
address and permute one as being from the other.

So, for example, if kee(_at_)somewhere(_dot_)com had once authored a paper with
bzs(_at_)theworld(_dot_)com and it's on the web somewhere we can each expect to
get spam claiming to be from the other.

But when it's Kee trying to get me to refinance my house I know it's
not really Kee because he only sells penis enlargers.

> If we can prevent spammers from using respected names, then we've pushed
> them toward unknown names (or more precisely, names from which the recipient
> does not normally receive ham) which carry a lower default credibility; a
> message will have to look substantially more spam-like to be rejected if it
> comes legitimately (according to RMX records) from bighost.com.

If that's your goal then just add the mailbox and call it whitelisting.

Anyhow, no, I disagree, it's a tiny, tiny improvement in the spam arena.

It *might* be some improvement in general identification to prevent
certain types of malicious fraud.

For example, something which has been known to happen is email
purporting to be from support(_at_)yourisp(_dot_)com telling you to click the
enclosed link to change your password for some reason, often "you must
change your password in the next 3 days or your account will be
disabled!" And of course what's there is a dummied-up form looking
like it's your ISP's but it's not, and asks for your old password,
etc.

BUT THAT'S NOT SPAM (oops, sorry for shouting.)

> On the other hand, the spam threshold will be a lot higher for forged
> messages that claim to come from bighost.com but in fact do not.
>
>> I'm also wondering why this is better than signing envelope info with
>> something like PGP? Wouldn't the latter remove the need for the
>> real-time backtalk?
>
> I love PGP; the reason it hasn't seen widespread deployment is that it's a
> heavyweight solution.  I believe that RMX is just lightweight enough to
> actually happen.
>
> Mike

-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


